database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-15465 Server crash or ASAN heap-use-after-free in Item_func_match::cleanup upon using FT search with partitioning.

Browse Source 
Partition engine FT keys are implemented in such a way that
the FT function's cleanup() methods use table's internals.
So calling them after close_thread_tables is unsafe.
This commit is contained in:
Alexey Botchkov
2018-05-15 14:10:19 +04:00
parent a0048378f9
commit e06c029849
5 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
mysql-test/main/partition_sync.result
View File

@ -61,3 +61,28 @@ connection default;
disconnect con2;
disconnect con3;
DROP TABLE tbl_with_partitions;
#
# MDEV-15465 Server crash or ASAN heap-use-after-free in Item_func_match::cleanup
# upon using FT search with partitioning.
#
connect con1,localhost,root,,test;
CREATE OR REPLACE TABLE t1 (c CHAR(8)) ENGINE=MyISAM PARTITION BY KEY(c);
connection default;
set debug_sync= 'execute_command_after_close_tables SIGNAL opened WAIT_FOR go';
DELETE FROM t1 WHERE MATCH(c) AGAINST ('foo' IN BOOLEAN MODE);
connection con1;
set debug_sync= 'now WAIT_FOR opened';
FLUSH TABLES;
set debug_sync= 'now SIGNAL go';
connection default;
set debug_sync= 'execute_command_after_close_tables SIGNAL opened WAIT_FOR go';
SELECT * FROM t1 WHERE MATCH(c) AGAINST ('foo' IN BOOLEAN MODE);
connection con1;
set debug_sync= 'now WAIT_FOR opened';
FLUSH TABLES;
set debug_sync= 'now SIGNAL go';
disconnect con1;
connection default;
c
DROP TABLE t1;
set debug_sync= 'RESET';